Topic: Wallet software security (Read 584 times)

hero member
Activity: 1470
Merit: 755
March 10, 2023, 10:51:06 AM
#35
If someone installs a software wallet (say a mobile wallet) and then sets a password or biometric security instead of using the private key frequently, isn't that the same as thinning the security layer of the asset itself?
Did the private key really function as a key asset guard all this time?
The password is only for accessing the app. For example, when someone tries to access our mobile wallet application, it is necessary to enter a password in order to be able to tamper with the contents of the wallet.
Whereas the private key and/or seed phrase is to be able to access our address if the mobile wallet app is lost. So storing it with a good level of security will be able to save our assets.

This is a common explanation that many people already know, but I just wanted to remind you again.
hero member
Activity: 2002
Merit: 633
Your keys, your responsibility
March 09, 2023, 06:08:47 AM
#34
What does the manual backup do? Does it present you with the seed, and then ask you to write it down or is it trying to store a local backup, via storing it on your device?
Nothing, just shows the seed phrase, no backup instructions to device storage. Btw, the Gdrive backup option appears only when accessing the seed phrase in online mode.


If you want to view your recovery phrase in Coinomi, you need to enter your password. Otherwise, you can't see it. I don't think the software has a biometric feature. I don't see it in the settings.
Thanks for clarifying this.

Quote
- One disallows the phone to take screenshots while the Coinomi app is active. And it works.
Well, it is also available on trustwallet only when the seed phrase is displayed.

Quote
- The second one is silly and makes little sense. It hides the balances in your wallet. The silly thing is you can enable/disable this feature with the click of a button. It doesn't ask you for your password.
Just to avoid stalkers or CCTV in public places I think, but it's not really safe to check your bitcoin balance outside of your home.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
March 08, 2023, 01:56:32 PM
#33
Anyone who uses coinomi, does that also have the same way as trustwallet to access seed phrases?
I still have Coinomi installed on my phone from needing it several years ago. If you want to view your recovery phrase in Coinomi, you need to enter your password. Otherwise, you can't see it. I don't think the software has a biometric feature. I don't see it in the settings.

The wallet features two more privacy features:
- One disallows the phone to take screenshots while the Coinomi app is active. And it works.
- The second one is silly and makes little sense. It hides the balances in your wallet. The silly thing is you can enable/disable this feature with the click of a button. It doesn't ask you for your password.
staff
Activity: 3248
Merit: 4110
March 08, 2023, 07:47:07 AM
#32
Since I don't use coinomi wallet, I tried my trustwallet and... bingo!!!, it really needs biometric authentication to access the seed phrase. Also, the crazy method that trustwallet offers: Gdrive backup  Grin
The more I read about Coinomi wallet, the more I'm worried about its users. What does the manual backup do? Does it present you with the seed, and then ask you to write it down or is it trying to store a local backup, via storing it on your device? If it's the latter there's a whole lot wrong with that. The final straw is they've specifically stated they recommend both backup options "to help loss of crypto", but I honestly believe the way they're recommending to do it, puts it at even more risk.

Obviously, the fact that it's closed source should be enough to deter most users from using their wallet, but I've seen it getting mentioned more and more recently.

The software wallet (Electrum 4.3.2) hacking incident experienced by julerz12, what was possibly the cause?
This is exactly what I was worried about earlier in that you only need to enter your PK once at the start and let the password permit all your subsequent activities as long as you're in control of the device.

What do y'all think?
I'd rather input my password regularly, especially if it's a hot wallet, since that can be changed if you suspect that you've been compromised, compared to a private key that can't be changed, and therefore once compromised, will forever be compromised.

Although, if you suspect you've been compromised, I'd probably set up a new secure environment, and transfer the Bitcoin to the new securely generated wallet.

If you use a new device, essentially you're creating a new wallet, unless you export your old one and open it on your new device. Even if the latter is the case, you don't need to re-input your private key again afaik, just need your password/fingerprint/etc to unlock it. Of course, this assumes you use the same wallet again. That being said, most wallets use seeds nowadays, so that might be the better choice to back up.
Right, if you have your physical wallet file you don't need to input the private key, same goes when you import your seed to generate a new wallet. Usually, you don't even need your password or biometrics since it's like creating a new wallet with the same private keys.
hero member
Activity: 2002
Merit: 633
Your keys, your responsibility
March 08, 2023, 06:55:10 AM
#31
- Password and biometric entries aren't automated. You use them manually to access your wallet.

Interested to be more curious, related to the recent "hacking" issue on the coinomi wallet (which I just remembered). I gave several possible causes, one of them:
Btw, the seed phrase can also be seen on the settings page right? simply use a password to access it (or biometrics if you enable it).

Since I don't use coinomi wallet, I tried my trustwallet and... bingo!!!, it really needs biometric authentication to access the seed phrase. Also, the crazy method that trustwallet offers: Gdrive backup  Grin


Anyone who uses coinomi, does that also have the same way as trustwallet to access seed phrases?
legendary
Activity: 2170
Merit: 1789
January 29, 2023, 06:51:54 AM
#30
In addition to that, even with the password that's been set, one will still be requested to input the private keys in a situation where you change your device to a new one even after inputting your password.
If you use a new device, essentially you're creating a new wallet, unless you export your old one and open it on your new device. Even if the latter is the case, you don't need to re-input your private key again afaik, just need your password/fingerprint/etc to unlock it. Of course, this assumes you use the same wallet again. That being said, most wallets use seeds nowadays, so that might be the better choice to back up.

I create a private key in addition to the password that will be requested and keep it in a safe place.
I think you might be confusing something with private keys. Some wallets probably introduce another PIN-like feature that you need to input in addition to your password to make a transaction, but as mentioned above, a private key is not an additional choice, it is necessary. CMIIW.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
January 29, 2023, 03:59:42 AM
#29
And if I do install a wallet on a mobile device, I create a private key in addition to the password that will be requested and keep it in a safe place.
One has nothing to do with the other. You have no influence over the private key that gets generated nor can you choose one that you prefer. The wallet isn't going to "request" the private key when you try to open it, and no one makes backups of individual private keys for each used address nowadays unless they have to. Just backup your seed and it takes care of everything else.

- The private key is a signing key that you need to make transactions. The process is automated and the wallet does that for you. The wallet doesn't ask you to point it towards the correct private key.
- Password and biometric entries aren't automated. You use them manually to access your wallet.
sr. member
Activity: 1666
Merit: 453
January 29, 2023, 01:35:27 AM
#28
If someone installs a software wallet (say a mobile wallet) and then sets a password or biometric security instead of using the private key frequently, isn't that the same as thinning the security layer of the asset itself?
Did the private key really function as a key asset guard all this time?

What's the name of the software wallet you're talking about dude? Then I haven't tried what you're saying, and I rarely use soft wallets on mobile unless necessary.

And if I do install a wallet on a mobile device, I create a private key in addition to the password that will be requested and keep it in a safe place.
hero member
Activity: 728
Merit: 512
January 16, 2023, 02:32:26 PM
#27
The private key is what allows you to spend your funds. If you set a password, you're adding an extra layer of security, passwords are not alternatives to your PK.


In addition to that, even with the password that's been set, one will still be requested to input the private keys in a situation where you change your device to a new one even after inputting your password. So invariably it shows how quintessential the private keys are to a password that's just mainly preventing access to the device before the assets themselves.
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
January 12, 2023, 01:01:18 AM
#26
You are talking about a vulnerability that was fixed with the release of Electrum version 4.2.2. The person who lost their coins was using Electrum version 4.3.2., so that issue would have been fixed a long time ago. Julerz12 must have done something else that resulted in someone stealing his money.
That wouldn't deduct it as an attack vector.
He could have used the vulnerable versions prior to downloading 4.3.2 in December, used a malicious URI that led to a compromised PC.

That's one directly related to Electrum; but like I said, it's a hot wallet, so there are a lot of other possible scenarios.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
January 11, 2023, 04:50:44 AM
#25
You are talking about a vulnerability that was fixed with the release of Electrum version 4.2.2. The person who lost their coins was using Electrum version 4.3.2., so that issue would have been fixed a long time ago. Julerz12 must have done something else that resulted in someone stealing his money.
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
January 11, 2023, 01:26:39 AM
#24
The software wallet (Electrum 4.3.2) hacking incident experienced by julerz12, what was possibly the cause?
-snip-
What do y'all think?
He allegedly kept the funds in a "Hot wallet" so there are a lot of possible scenarios in that case.
Google "hot wallet issues" for some insights.
He had the option to create MultiSig, 2FA or connect his hardware wallet (which he mentioned that he has one) but used a standard wallet instead to escrow funds.

As for Electrum, there was a recent vulnerability found in BIP70 payment request: https://github.com/spesmilo/electrum/security/advisories/GHSA-4fh4-hx35-r355
But that won't directly lead to loss of funds, read the security advisory and the linked commit below it for more info.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
January 10, 2023, 07:19:50 AM
#23
The software wallet (Electrum 4.3.2) hacking incident experienced by julerz12, what was possibly the cause?
...
What do y'all think?
I am not familiar with the case, so I can't comment on that incident itself. The newest Electrum version is 4.3.3., released just a week ago. I have just gone through the release notes, and there is no mention of any serious vulnerabilities that were fixed from the version before. In my experience, 99% of all cases where people lose funds or have them hacked/stolen is because the user made a mistake. Fake wallets, phishing, malware, keyloggers, etc. Even the people he talked with from the signature campaign he managed are potential suspects who could in theory have given him an infected file.

If there was something seriously wrong with Electrum 4.3.2, I think we would hear many more complaints than only that of julerz12.
hero member
Activity: 2002
Merit: 633
Your keys, your responsibility
January 10, 2023, 06:35:28 AM
#22
The software wallet (Electrum 4.3.2) hacking incident experienced by julerz12, what was possibly the cause?

From what I know, they needed my password to initiate a transaction, correct? They must have somehow logged that password when I opened the wallet to sign an address for the Yomix team to deposit the BTC funds 'cause prior to that $1,000 was just sitting on it from Coinomize for almost a week and nothing happened to it.
This is exactly what I was worried about earlier in that you only need to enter your PK once at the start and let the password permit all your subsequent activities as long as you're in control of the device.

What do y'all think?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
December 18, 2022, 04:50:35 AM
#21
What you said sounds like something that a badly configured AI would say.

In fact password or private key is the same, when you log in.
You don't log in with private keys, you do it with PINs or passwords. You don't sign transactions with PINs or passwords, you do it with private keys.

Of course if your password is good enough.
Good enough for what? Being a substitute for a private key?

Wallet security starts with hardware wallet.  Grin
Hardware wallets don't even show you the private keys in their native apps or software, so that a newbie wouldn't mistakenly copy them or save them somewhere digitally. It also doesn't allow a remote hacker to steal the keys.
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
December 17, 2022, 11:50:19 PM
#20
In fact password or private key is the same, when you log in. Of course if your password is good enough.
It's already mentioned that the private key doesn't work like the password, there are already multiple replies that cover that info.
jr. member
Activity: 67
Merit: 8
December 17, 2022, 01:44:25 PM
#19
In fact password or private key is the same, when you log in. Of course if your password is good enough. Wallet security starts with hardware wallet.  Grin
newbie
Activity: 4
Merit: 0
November 24, 2022, 09:17:49 AM
#18
In response to this problem, I organized my thoughts through a mind map, please refer to it.

https://i.imgur.com/STjztir.png
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
November 13, 2022, 04:41:16 AM
#17
The private key still functions as the main wallet security and the device security keeps the wallet software safe.
Once you enter your software wallet's password, PIN, or biometric scan, you have all you need to access the wallet information. Take Electrum as an example. Once the wallet has been decrypted with the correct password, you can easily access the private keys and copy them from the wallet. The private key doesn't help in securing your wallet from being accessed. It's just the string required to sign your transactions. 
legendary
Activity: 2338
Merit: 5297
Self-proclaimed Genius
November 12, 2022, 12:53:22 AM
#16
The private key still functions as the main wallet security and the device security keeps the wallet software safe. This will be double security which certainly guarantees that it is not easy to break into, because the first layer of security from the device must be passed before being able to access the wallet application that is in the second layer of security.
The private key is the "sensitive information" that you're protecting with your wallet's password, it doesn't function as its security.
(in other words: it should be secured, it's not what's securing your wallet)

It should've already been addressed by the quoted message in the first reply.
legendary
Activity: 1918
Merit: 1157
Undeads.com - P2E Runner Game
November 10, 2022, 04:25:12 PM
#15
The private key still functions as the main wallet security and the device security keeps the wallet software safe. This will be double security which certainly guarantees that it is not easy to break into, because the first layer of security from the device must be passed before being able to access the wallet application that is in the second layer of security.
maybe like the mockup that I made will describe the security of the device and mobile wallet software.
legendary
Activity: 2506
Merit: 2832
Top Crypto Casino
October 31, 2022, 05:45:26 PM
#14
There is a difference between the password you set to lock your device and the password you set to lock your wallet. And this does really matter.
The password you use to lock your wallet will be used to encrypt your wallet file (seed/private keys). In this case, even if someone somehow manages to access your device and extract its files, he will be unable to steal your coins without knowing the wallet password.
On the other hand, mobile passwords/biometric security, afaik, do not encrypt your files. So, if someone manages to access your files he will be able to steal your coins.
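
An added illustration of the distinction drawn in the post above (not part of the thread and not any wallet's actual file format): the wallet password only derives the key that encrypts the seed at rest, so a copied wallet file is useless without it, and changing the password re-encrypts the same, unchanged seed. The HMAC-SHA256 keystream stands in for AES because the Python standard library has no AES; the function names, iteration count and sample seed are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERS = 100_000  # assumed work factor for this example


def _derive_keys(password, salt):
    """Stretch the wallet password into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                             PBKDF2_ITERS, dklen=64)
    return km[:32], km[32:]


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher such as AES."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def lock_wallet(seed, password):
    """Return the on-disk wallet record: the seed encrypted under the password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    stream = _keystream(enc_key, nonce, len(seed))
    ct = bytes(a ^ b for a, b in zip(seed, stream))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(),
            "ct": ct.hex(), "tag": tag.hex()}


def unlock_wallet(wallet_file, password):
    """Recover the seed; a wrong password fails the MAC check before decrypting."""
    salt, nonce, ct, tag = (bytes.fromhex(wallet_file[k])
                            for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = _derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted wallet file")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def change_password(wallet_file, old_password, new_password):
    """Rotating the password re-encrypts the file; the seed itself is unchanged."""
    return lock_wallet(unlock_wallet(wallet_file, old_password), new_password)


if __name__ == "__main__":
    # Constructed sample seed, not a real wallet.
    seed = b"constructed example seed - not a real mnemonic"
    stolen_copy = lock_wallet(seed, "correct horse battery")

    # Someone who copied the file but lacks the password gets nothing.
    try:
        unlock_wallet(stolen_copy, "123456")
    except ValueError as err:
        print("file copy without password:", err)

    # The owner rotates the password: new ciphertext, same seed underneath.
    rotated = change_password(stolen_copy, "correct horse battery", "new pass")
    print("seed unchanged after rotation:",
          unlock_wallet(rotated, "new pass") == seed)

    # The old copy still opens with the old password, so rotation does not
    # help once file and password have both leaked; only moving funds to a
    # newly generated seed does.
    print("old copy still opens with old password:",
          unlock_wallet(stolen_copy, "correct horse battery") == seed)
```
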
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
October 31, 2022, 06:10:47 AM
#13
It's my understanding that every wallet, hardware or software (mobile), needs a private key to be able to sign transactions.
That's true, but there is a slight difference between custodial wallets (accounts) and non-custodial wallets. With a custodial wallet, like one created on an exchange, you don't have access to private keys. The keys belong to them, and they just top up or decrease your balance whenever you deposit coins into your account.   

In light of all of this, I think it's safe to suggest that a hardware wallet is the best choice for long-term storage of your cryptocurrency because it's an offline device that keeps your private keys safe from hackers.
Different people have different thoughts on how hardware wallets should be classified. Some do consider them cold wallets, others say they can't be cold since there is an internet connection. And then there are those who say they shouldn't be called hot or cold. Instead, they are a category of their own - hardware wallets. In that case, only truly airgapped hardware wallets can belong to the cold category. 
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 31, 2022, 02:38:53 AM
#12
And biometrics is weak security (fingerprints can be copied, fingers can be cut down, or you can be easily put asleep on medicines or drugs).

Biometrics is supposed to be accompanied with physical security otherwise it is an ineffective security measure. Things like retinal scan and fingerprint scan can be copied, but if there's an ID-based system in an organization then the crooks cannot even get to the scanner in the first place - it was more or less intended as a measure to block employees who've recently been terminated or otherwise had their access revoked.

If it's just you and the scanner, there's nothing stopping some casual electronic thief from getting the biometrics they need as well. It was a dumb idea from the onset, pushed first of all by Apple (and then everyone copied them), because they don't realize that passkeys and diceware passphrases are superior alternatives to passwords.



Which makes me think that all wallets in companies should be kept on airgapped computers in locked rooms guarded by security and requiring a biometrics recognition to get in and THEN a password is required to unlock the wallet. I wonder how many more exchange hacks can be prevented this way.
mk4
legendary
Activity: 2716
Merit: 3817
🪸 NotYourKeys.org 🪸
October 31, 2022, 12:12:04 AM
#11
I don't get the comparison. You don't enter in your private key every time you open the wallet app or make the transaction because the private key is stored on your device's storage. I guess the app lock thingy only helps if it adds a layer of encryption(?) for your private key.
LDL
hero member
Activity: 560
Merit: 581
October 30, 2022, 04:15:50 PM
#10
If someone installs a software wallet (say a mobile wallet) and then sets a password or biometric security instead of using the private key frequently, isn't that the same as thinning the security layer of the asset itself?
Did the private key really function as a key asset guard all this time?

Of course OP, sometimes many mobile apps require only password/pin with 4/6 digits but do not require the private key (PK). I think it's not a good security system of those applications. It would be highly appreciated to keep the backup phrase/private key in the private note.

Did the private key really function as a key asset guard all this time?
Private key only is not fully secured; biometric, fingerprint, wallet backup phrases, two factor authentication, SMS authentication etc. can assure you strongly.
hero member
Activity: 2002
Merit: 633
Your keys, your responsibility
October 30, 2022, 12:27:25 PM
#9
passwords are not alternatives to your PK.

Not an alternative, but enough to represent it with conditions.
In practice I only need to use 1 time PK at the beginning (if I import the address), then (somehow) with the embedded security method in the wallet (password, pin, etc.) it's like a command to activate the PK functions to manage the wallet. It can be said that the application only ensures that the user is still the same person with that password and at the same time asks for the authorization of all subsequent user commands.
legendary
Activity: 1512
Merit: 4795
October 30, 2022, 10:53:03 AM
#8
And biometrics is weak security (fingerprints can be copied, fingers can be cut down, or you can be easily put asleep on medicines or drugs).
During the last bull run, I had a friend that got lucky and became very rich. Many of his friends knew about it. Suddenly one day, some of his coins were stolen on an online wallet. I wished I could have advised him to have used cold storage instead, but I thought he knew. Example is being around friends like I have used to before while in school, you may trust some, but anything can happen. It is very possible you will sleep one day and only your finger will open your phone and wallet like Trustwallet that encourages fingerprint while setting it up. Password or pin is only advisable. Even people can think some attacks are online, but it can also be offline.

Your transaction still needs to be signed with the correct key whether you have 0 or 4 different security points to clear before you are allowed to use your wallet.
2FA is common on custodial wallets, while many people do not go for the option on noncustodial wallet, like Electrum. In most wallet design, the funniest part is that if a wallet has both password and fingerprint enabled, only one is just needed to access the wallet. If I remember correctly, closed source wallets (closed source not recommendable) like Coinomi, Atomic and Trustwallet work that way, in a way only one is needed to access it. Which means people using both will prefer using just fingerprint, not knowing how insecure it is. Although, some wallets add another means of encryption in a way another password that is different from the first password would later be required for making transaction, but how about the seed phrase that can be revealed which can be used to compromise the wallet if passphrase is not included while generating the keys.
hero member
Activity: 1358
Merit: 888
🇺🇦 Glory to Ukraine!
October 30, 2022, 10:51:18 AM
#7
Did the private key really function as a key asset guard all this time?

It's my understanding that every wallet, hardware or software (mobile), needs a private key to be able to sign transactions. The private key is most likely stored internally in encrypted form that requires your password or pin to unlock the wallet. Passwords/pins are not a substitute for private keys but an additional layer of security. If someone gets access to your wallet, they won't be able to use it without knowing your password or pin. However, what you should take away from this is that if someone manages to get a hold of your private key, they can access your funds without needing to enter your password or pin.

In light of all of this, I think it's safe to suggest that a hardware wallet is the best choice for long-term storage of your cryptocurrency because it's an offline device that keeps your private keys safe from hackers. It also protects against issues like malware, which can steal your coins if private keys are stored on a computer or phone.
legendary
Activity: 3402
Merit: 10424
October 30, 2022, 10:40:42 AM
#6
True security is only achieved when you start using a secure environment not by adding more layers of security on a base that is not safe to begin with. For example if you use a mobile wallet or a desktop wallet on a computer you use to connect to internet, even though adding a password provides a better security but because the base (or the environment) is not safe itself you can not claim to have security.

True security only exists in cold storage form.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
October 30, 2022, 10:35:04 AM
#5
For a transaction from your wallet to happen, it needs to be signed with the appropriate private key. Bitcoins don't move without the correct signature. Passwords, PINs, biometrics, 2FA devices just grant access rights to the device in question. They have got nothing to do with the transaction signing process. Your transaction still needs to be signed with the correct key whether you have 0 or 4 different security points to clear before you are allowed to use your wallet.
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
October 30, 2022, 10:32:21 AM
#4
Whether you put a password/pin/fingerprint to your wallet or not, it will still use internally private keys because that's how bitcoin works (if it's indeed a bitcoin wallet and not a custodian account).
The pin/password is protecting the access to the wallet software and maybe the wallet file, hence, as said, it's a (thin) extra security layer.

But keeping big bucks on mobile wallets is unadvised. Consider hardware wallet.
And biometrics is weak security (fingerprints can be copied, fingers can be cut down, or you can be easily put asleep on medicines or drugs).
legendary
Activity: 1512
Merit: 4795
October 30, 2022, 10:21:31 AM
#3
Not recommendable to use biometry (like fingerprint) for wallet. Most people use biometry to unlock mobile device (not recommendable too). Using it for wallet too, easy for such wallet to be compromised.

Password is not the same as private key, you do not use private key often. Private key can be used to recover your wallet and spend from the wallet.

Password is used to unlock your wallet on the device. If you import the wallet to another device, you will have to set another password. Old password will only be valid on your old wallet or device, once imported on another device or new wallet, the old password is no more useful or needed.

So you have to protect your private key and seed phrase, while password can help against those that want to access your wallet to spend from it or to know your seed phrase or private key.
staff
Activity: 3402
Merit: 6065
October 30, 2022, 10:20:54 AM
#2
The private key is what allows you to spend your funds. If you set a password, you're adding an extra layer of security, passwords are not alternatives to your PK.

See this from Electrum's docs:

Quote
Electrum uses two separate levels of encryption:

- Your seed and private keys are encrypted using AES-256-CBC. The private keys are decrypted only briefly, when you need to sign a transaction; for this you need to enter your password. This is done in order to minimize the amount of time during which sensitive information is unencrypted in your computer’s memory.

- In addition, your wallet file may be encrypted on disk. Note that the wallet information will remain unencrypted in the memory of your computer for the duration of your session. If a wallet is encrypted, then its password will be required in order to open it. Note that the password will not be kept in memory; Electrum does not need it in order to save the wallet on disk, because it uses asymmetric encryption (ECIES).
Wallet file encryption is activated by default since version 2.8. It is intended to protect your privacy, but also to prevent you from requesting bitcoins on a wallet that you do not control.

Biometrics, on the other hand, is different. I asked a similar question some time ago, see here: https://bitcointalksearch.org/topic/bluewallet-decrypt-storage-5215292
hero member
Activity: 2002
Merit: 633
Your keys, your responsibility
October 30, 2022, 10:17:16 AM
#1
If someone installs a software wallet (say a mobile wallet) and then sets a password or biometric security instead of using the private key frequently, isn't that the same as thinning the security layer of the asset itself?
Did the private key really function as a key asset guard all this time?